<?php
/* $Id: passret.php 14 2009-04-11 17:40:34Z ronan $ */
$basesite=$_SERVER['PHP_SELF'];
require("common.php");
IGBAuthorize();
if(!$isTGRAD) quit("If you're not a TGRAD member, you shouldn't have an account anyway'.");
$results = Query("SELECT * FROM users WHERE name = '".mysql_real_escape_string($pilotname)."'");
if(mysql_num_rows($results)==0) quit("It appears that you haven't actually registered - <a href=\"register.php\">try here</a>.");
if(isset($_POST['email'])) $email = $_POST['email'];
require("header.php");
if(isset($email)) {
	if($email==mysql_result($results,0,'email')) {
		$newpass=generatePassword();
		$passsetresults=Query("UPDATE users SET password=PASSWORD('$newpass') WHERE id='".mysql_result($results,0,'id')."' LIMIT 1");
		mail($email, "TGRAD Order Tool password retrieval", "Your TGRAD Order Tool account - $pilotname - has had its password reset.\n\n" .
				"The new password is:\n\n" .
				"$newpass\n\n" .
				"We recommend logging in and changing the password as soon as possible.\n\n" .
				"~The Administration\n\n" .
				"(This message is automated - do not reply to this address, as it will not be recorded.)", 'From: TGRADOrderTool@tgrads.com' . "\r\n" .
    'Reply-To: TGRADOrderTool@tgrads.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion());
		echo "Your password has been reset - an email has been sent with the new password. <a href=\"index.php\">Return home</a>.";
		require("footer.php");
		exit;
	} else {
		echo "That is not the email address we have on file!";
		require("footer.php");
		exit;
	}
} else {
	echo "<form method=\"post\" action=\"passret.php\"><table border=0 cellpadding=0 cellspacing=0>" .
		"<tr><td>Name: </td><td>$pilotname</td></tr>\n" .
		"<tr><td>Corp: </td><td>$pilotcorp</td></tr>\n" .
		"<tr><td>Email: </td><td><input type=\"text\" name=\"email\" /></td></tr>\n" .
		"<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"Retrieve Password\"></td></tr></table></form>"; 
}
require("footer.php");
?>
